Ruediger Pluem [Sat, 15 Dec 2007 16:15:04 +0000 (16:15 +0000)]
* Fix a SEGFAULT by ensuring that buckets that may have been buffered in the
network filters get flushed to the network. This is needed since
these buckets have been created with the bucket allocator of the
backend connection. This allocator either gets destroyed if
conn->close is set or the worker address is not reusable which
causes the connection to the backend to be closed or it will be used
again by another frontend connection that wants to recycle the
backend connection.
In this case we could run into nasty race conditions (e.g. if the
next user of the backend connection destroys the allocator before we
sent the buckets to the network).
Remark 1: Doing a setaside does not help here as the buckets remain
created by the wrong allocator in this case.
Remark 2: Yes, this creates a possible performance penalty in the case
of pipelined requests as we may send only a small amount of data over
the wire.
Ruediger Pluem [Wed, 12 Dec 2007 10:38:19 +0000 (10:38 +0000)]
* Do not register connection_cleanup as cleanup for the conn->pool. In the past
it was needed to register connection_cleanup as a cleanup for the frontend
connection memory pool (c->pool) to ensure that connection returns into the
connection pool if the memory pool of the frontend connection memory pool
gets destroyed / cleared. Now we ensure explicitly the connection returns
to the connection pool once we finished handling the request.
Ruediger Pluem [Wed, 12 Dec 2007 07:44:02 +0000 (07:44 +0000)]
* Fix another memory leak related to PR 44026. Now that we keep the connection
data structure alive in the reslist, the live time of c->pool is too long.
r->pool has the correct live time since rp dies before r.
Jeff Trawick [Tue, 11 Dec 2007 20:08:12 +0000 (20:08 +0000)]
http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings.
Joe Orton [Tue, 11 Dec 2007 16:02:23 +0000 (16:02 +0000)]
Fix CVE-2007-5000:
* modules/mappers/mod_imagemap.c (menu_header): Fix
cross-site-scripting issue by escaping the URI, and ensure that a
charset parameter is sent in the content-type to prevent
autodetection by broken browsers.
Introduce --kill argument to ApacheMonitor for use by the
installer. This will permit the installation tool to remove
all running instances before attempting to remove the .exe.
Note that since the introduction of CriticalSections, our
compatibility with NT 4 was destroyed, and at this point that
is no loss (there are no more security updates to NT 4 ergo
it's not an OS we want connected to the internet, anyways).
The WTS api calls require 2000 or later, but I'm not wrapping
them since nobody notices the same issue with CriticalSections.
Ruediger Pluem [Tue, 11 Dec 2007 13:27:21 +0000 (13:27 +0000)]
* Use a separate subpool to manage the data for the socket and the connection
member of the proxy_conn_rec struct as we destroy this data more frequently
than other data in the proxy_conn_rec struct like hostname and addr (at least
in the case where we have keepalive connections that timed out and were
closed by the backend).
This fixes a memory leak with short lived and broken connections.
Ruediger Pluem [Sat, 8 Dec 2007 20:10:29 +0000 (20:10 +0000)]
* Enable the proxy to keep connections persistent in the HTTPS case.
Basicly the persistence is created by keeping the conn_rec structure
created for our backend connection (whether http or https) in the connection
pool. This required to adjust scoreboard.c in a way that its functions can
properly deal with a NULL scoreboard handle by ignoring the call or returning
an error code.
Jim Jagielski [Sat, 8 Dec 2007 16:10:40 +0000 (16:10 +0000)]
Alternate fix... profiling indicates that the string
termination is completely unneeded and superflous. In
which case, the original allocation size is sufficient
since nothing external worries about a NULL nor
looks for it.
Ruediger Pluem [Sat, 8 Dec 2007 14:03:43 +0000 (14:03 +0000)]
* Optimize memory behaviour of mod_substitute by
* Precreate all needed brigades, save them in the filter context and reuse
them in order to avoid frequent recreations using the request pool.
* Use a temporary pool for all the needed copy stuff and clean it up every
time we passed the passbb brigade down the chain. We can pass the
brigade down the chain directly after we processed one bucket from the
original brigade as buffering is done by the network filters.
* Use transient instead of pool buckets.
* There are cases that lead to the exceptional situation of a very large
passbb bucket brigade (about 1,000,000 buckets) as a result of processing
4 MB of a file. So I add a flush bucket once I have more than
MAX_BUCKET (1000) buckets in the brigade and pass it down the chain to get
it send and the passbb bucket brigade cleaned up and its memory reusable
again.
Ruediger Pluem [Sat, 8 Dec 2007 09:23:26 +0000 (09:23 +0000)]
* If no data is available at this point of time we need to switch into the
BODY_CHUNK_PART state like we do several lines later in the code in the
same situation.
Joe Orton [Mon, 3 Dec 2007 11:15:31 +0000 (11:15 +0000)]
* modules/ssl/ssl_util_ocsp.c (read_response): Bail out if the maximum
response-header count is exceeded. Also bump to APLOG_ERR the log
message given after a header read error.
Joe Orton [Mon, 3 Dec 2007 11:06:35 +0000 (11:06 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): For performing
TLS upgrade, require only the presence of a "TLS/1.0" token
somewhere in the Upgrade request-header, rather than as the exact
header value.
Joe Orton [Mon, 3 Dec 2007 11:01:51 +0000 (11:01 +0000)]
* modules/ssl/ssl_engine_io.c (ssl_io_input_add_filter,
ssl_io_filter_init): Don't clear f->r here after adding connection
filters since ap_add_*_filter now guarantee to do it internally.
Vincent Bray [Sun, 2 Dec 2007 05:33:12 +0000 (05:33 +0000)]
PR#44001 AuthDigestEnableQueryStringHack unnecessary for MSIE7.
Reported by: Takashi Sato <serai lans-tv.com>
Confirmed by: Vincent Jong <megaspaz tron.megaspaz.net> & noodl
Ruediger Pluem [Sat, 1 Dec 2007 16:14:21 +0000 (16:14 +0000)]
- when using "-l" reduce two consecutive calls to apr_time_now() to one.
This will not change the logic if no "-l" gets used, and it will spare
one call to apr_time_now() in case "-l" gets used and more important
it gives the code better atomicity, because in fact between the two calls
there is a slight change of jumping oder the DST boundary
- for historic reasons the same code block is used two times with a
slightly different way of transforming apr_time_t to int
(once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
so let's unify it.
- finally move the block into a function, because it gets used already
two times.
Paul J. Reder [Fri, 30 Nov 2007 23:51:48 +0000 (23:51 +0000)]
Ooops. Not sure why this didn't get deleted in the last commit to this file. This
is no longer required due to the more optimal way the list of subgroup attributes
is now handled.
Paul J. Reder [Fri, 30 Nov 2007 23:39:43 +0000 (23:39 +0000)]
Final stage in this ldap commitathon. This fixes some problems
associated with processing of subgroup lists. There were some
problems that arose when the cache was referenced across possible
expirations. As of this fix the nested group code (and the caching
of queries related to nested groups) should be working correctly.
Ruediger Pluem [Thu, 29 Nov 2007 21:48:18 +0000 (21:48 +0000)]
* Detabify and make spacing in HTML code the same as before r593816. This
avoids that the autoindex test (t/modules/autoindex) fails. Adjusting
the autoindex test would cause it to fail with older versions and would
make it harder to recognize regressions.
* modules/ssl/ssl_private.h: Add prototypes, config options to
modssl_ctx_t.
* modules/ssl/ssl_util_ocsp.c: New file, utility interface for
dispatching OCSP requests.
* modules/ssl/ssl_engine_ocsp.c: New file, interface for performing
OCSP validation.
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform
OCSP validation if configured, and the cert is so-far verified to be
trusted. Fail if OCSP validation is configured an the optional-no-ca
check tripped.
* modules/ssl/config.m4: Check for OCSP support, build new files.
* modules/ssl/mod_ssl.dsp: Build new files.
* modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP
interfaces.
PR: 41123
Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton
Reviewed by: Steve Henson <steve openssl.org>
Eric Covener [Wed, 28 Nov 2007 22:19:00 +0000 (22:19 +0000)]
Perform all per-LDAP-backend related memory allocations in a standalone pool,
provide a local method to completely remove an LDAP backend connection so
we can someday manage/dispose of extra connections in a reasonable way.
Clarify some commentary around the existing murky close/cleanup API
methods.
Minor bump for new members appended to util_ldap_connection_t, which is not
allocated by consumers of the API.
Paul J. Reder [Wed, 28 Nov 2007 01:43:57 +0000 (01:43 +0000)]
Stage 3 of refactoring. This reverses a couple of if checks so that the code is
easier to follow. The default svn diff looks ugle due to the spacing change. A
cleaner diff ignoring spacing changes can be found at:
http://people.apache.org/~rederpj/util_ldap_ignoring_spacing.diff
Paul J. Reder [Tue, 27 Nov 2007 23:06:44 +0000 (23:06 +0000)]
Refactoring stage 2. This commit moves a large chunk of utility code out to its own function
to make reading and maintaining the actual subgroup function easier. This should just be
shuffling code around and shouldn't result in any semantic changes.
Paul J. Reder [Tue, 27 Nov 2007 03:01:25 +0000 (03:01 +0000)]
Altered some comments and minor formatting of log calls in prep for a refactoring of this routine.
I wanted the diffs to be human readable and understandable. This should just be formatting and
shouldn't alter any semantics.
Joe Orton [Wed, 21 Nov 2007 13:35:59 +0000 (13:35 +0000)]
* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Improve SSL error
log messages: retrieve and log the "data" string where available,
drop the redundant error number (always included in the error string
anyway), and clearly delineate both the "data" and "annotation" from
the error string itself.
PR: 43889
Submitted by: Dr Stephen Henson <steve openssl.org>, jorton
projects / apache / log